Security Statement

Security Statement

The Callaway Bank is proud to offer Callaway Bank Online and Business Banking Online to our customers. With Banking Online you can access your accounts, make transfers, and pay bills online. We have endeavored to provide a secure product by employing a firewall system, 256-bit SSL encryption, Access ID and Passwords, and multifactor authentication points of validation such as security questions when using an unregistered device. Advanced banking functions such as wires, or ACH transactions require the use of Vasco Tokens. Each of these components acts as a layer of protection to safeguard sensitive data from unauthorized access.

Firewall

Callaway Bank Online and Business Banking Online are protected by a firewall which is set up to reject unauthorized traffic. Requests must filter through the firewall before they are permitted to reach the server, reemphasizing the importance of your Access ID and multifactor authentication which are the only legitimate entry to the program. In addition, we monitor activity on our system at all times to detect unauthorized activity or intrusion attempts, and will take appropriate preventative steps should any unauthorized activity be detected.

Encryption

Once you click on the link to Banking Online you enter a secure environment. Our system employs the Secure Socket Layer (SSL) protocol to provide 256-bit encryption of data traveling between the user and our system. You must have a browser that supports 256-bit encryption in order to use The Callaway Bank site. We recommend Microsoft’s Internet Explorer version 11.0 or higher, Firefox 38 or higher, or the most current version of Chrome.

Access ID and Password

When you enroll in Callaway Bank Online or Business Banking Online, we issue an Access ID and Password, which you change the first time you log in. You will be required to change your Password every 6 months, however, you may change your password as often as you wish.

The Access ID must be between 6 and 12 characters long, and the Password must be between 8 and 12 characters long with at least 4 numbers. Both the Access ID and Password are case-sensitive. We employ the “3 strikes and you’re out” lockout mechanism to deter unauthorized access. After three unsuccessful password attempts, the system locks the Access ID, requiring a call to the bank (573-642-3322) to verify identify before entry to the system is allowed again.

While a firewall system and encryption serve to minimize the possibility of unauthorized access, it remains imperative that you safeguard your password and token for your own protection. You are responsible for the safekeeping of your password. You agree not to disclose the Access ID or Password to anyone. If you use a token, you agree not to disclose the token’s PIN or let anyone else use your token.

A separate Access ID and Password are kept for each individual on an account, so there is no need to share your Access ID and Password with another signer. Please keep your password secure, and change the password if you ever suspect your password has been compromised. You may change your password at any time and as often as you like.

MultiFactor Authentication

Banking Online uses multifactor authentication, which means there are several points of validating the user and not just relying on an ID and password. When you first pull up the website, look for a green bar in your browsers address bar. (See image below.) This first confirms that you are using our official site and not going to a spoofed website. Current web browsers (such as Chrome, Safari, Internet Explorer and Firefox) have built-in security features that detect whether the web site you’re trying to access has an active security certificate. When accessing our Online Banking site, your URL (or address bar) will be green to show that you are on a secure site.

When you log in, you’ll be asked if you want to register your computer or device. If you ever try to log in from an unregistered device, you’ll be prompted to answer one of three security questions that you setup when you enrolled. This step helps prevent cyber criminals from accessing your account. Therefore, it is best to pick questions and answers that cannot easily be found online or in social media.

Some of our Business Banking Online customers will use a VASCO Token. A VASCO Token is a small, connectionless device that generates a One Time Password to use each time you log in to Business Banking Online, and each time business users create a wire or ACH transaction. This password changes every 32 seconds for your protection. This helps ensure that your information is secure, protecting you from fraud and identity theft.